Institutional Policy on Access and Control of Information Contained in Student Records

The purpose of this Presidential Directive is to ensure that San José State University
continues to comply with all Federal and State legislation and California State University
policies regarding the access and control of information contained in student records.

Introduction

The use of institutional data to assess our progress in achieving university goals
and in making course adjustments in our strategic planning efforts is a highly valuable
resource, which is becoming ubiquitous in campus-wide operations.

The collection, storage, analysis, dissemination and overall management of institutional
data is a complex interdivisional undertaking that requires participation and cooperation
from a number of units including Administration and Finance, Human Resources, Institutional
Research, University Advancement, Enrollment Services, Academic Planning and Budgets
and others.

History

In order to establish institutional policies to manage and to provide timely and efficient
availability of institutional data reports for all users, an Institutional Data Management
Council (IDMC) was formed in May, 2007 to develop campus policies and operational
procedures for the management and delivery of such data.

The Council is composed of the AVP for Institutional Research (who serves as the convener
and as a co-chair), the AVP for Enrollment Services (a co-chair), the AVP for Finance
(a co-chair), the Senior Manager for the CMS Project, the Vice Provost for Academic
Planning and Budgets, the AVP for Human Resources, and the Executive Assistant to
the President. The IDMC has an executive committee comprised of the three co-chairs
and the Executive Assistant to the President. The Council reports directly to the
President.

The IDMC's initial charge was to develop and recommend policies on the access and
control of student and employee institutional data, and subsequently to establish
within that framework and in consultation with the President operational groups as
needed to facilitate fulfilling requests for institutional data by a multiplicity
of both on-campus and off-campus users and to engage in on-going evaluation of its
operation and recommend changes therein to the President as needed to improve its
functional effectiveness.

Presidential Directive 2008-02 on the Access and Control of Information Contained
in Student Records, and Presidential Directive 2008-03 on the Access and Control of
Information Contained in Employee Records, which follows represent the completion
of the initial phase of the IDMC's work.

Revision: April 2, 2009

In the second revision to PD-2008-02, two changes were made. First is the addition
of the sentence, "Additional Concerns or questions that are not addressed in this
document should be submitted to the IDMC for recommendations on a case by case basis,"
immediately preceding the section titled RELEASE OF INFORMATION FOR THE PUBLIC on page three

The second change is in the third paragraph of section 1.1.2. Research Use on page three, which originally read as:

Requests from researchers for surveys of students will be evaluated by the IDMC in
collaboration with other units as appropriate to determine the institutional impact
of surveying students, e.g., to ensure that students are not asked to participate
in an inappropriately high number of surveys. Requests for student contact data from
researchers wishing to survey students may be approved or denied based on recommendations
from the review team, and in accord with campus priorities for data request fulfillment.

In the April 2, 2009 revision this paragraph was changed to:

Requests from researchers for surveys of students will be evaluated by the University-Wide
Survey Committee to determine the institutional impact of surveying students, e.g.,
to ensure that students are not asked to participate in an inappropriately high number
of surveys. The committee will then make recommendations to the IDMC for the final
approval. See Appendix A for more detail on the University-Wide Survey.

Finally, Appendix A was added to the April 2, 2009 revision.

Revision: November 19, 2008

Presidential Directive 2008-02 originally was issued on August 25, 2008, but was reissued
on November 19, 2008 with a minor revision as follows:

In the original version, the third (last) paragraph of section " 1.1.2 Research Use" read,

In evaluating requests from researchers for surveys of students, a review team consisting
of senior administrators, the University Registrar's Office, and other units as appropriate
work collaboratively to determine the institutional impact of surveying students,
e.g., to ensure that students are not asked to participate in an inappropriately high
number of surveys. Requests for student contact data from researchers wishing to survey
students may be approved or denied based on recommendations from the review team,
and in accord with campus priorities for data request fulfillment.

In this revised version, that paragraph now reads.

Requests from researchers for surveys of students will be evaluated by the IDMC in
collaboration with other units as appropriate to determine the institutional impact
of surveying students, e.g., to ensure that students are not asked to participate
in an inappropriately high number of surveys. Requests for student contact data from
researchers wishing to survey students may be approved or denied based on recommendations
from the review team, and in accord with campus priorities for data request fulfillment.

Institutional Policy on Access and Control of Information Contained in Student Records

Institutional policy for the access and control of information contained in student
records operates, at the minimum, in compliance with the SJSU Academic Senate Policy
S66-20 Confidentiality of Student Records as well as state and federal statutes, including, but not limited to the federal
Family Educational Rights and Privacy Act (FERPA). In order to provide timely and
efficient availability of institutional data reports for all users, an Institutional
Data Management Council (IDMC), appointed by the President, is in charge of the development
of institutional policies and operational guidelines for the management and delivery
of such data.

The policy is based on the following principles:

Accuracy: Accuracy of data is the responsibility of all members of the university
community, even though accountability is assigned to particular units and individuals.

Responsiveness: The university is committed to the principle of continuous improvement
in its responsiveness in providing institutional data.

Limited Redundancy: Since duplication of data increases the likelihood of data inaccuracy
and effort, the university will strive to reduce excessive redundancy in its data
and systems.

Security: The university is committed to securing confidential data while providing
reasonable access to authorized users.

Additional concerns or questions that are not addressed in this document should be
submitted to the IDMC for recommendations on a case by case basis.

RELEASE OF INFORMATION FOR THE PUBLIC

Beyond disclosure that is required and/or permitted by FERPA, no individual data other
than enrollment status and degree verification (if applicable) are provided to the
general public, including individuals, businesses, or organizations. The university
does not produce a student directory. Additional information regarding the Confidentiality
of Student Records may be obtained at http://www.sa.sjsu.edu/download/sa/FERPA_bulletin.pdf [You will need Acrobat Reader to view PDF files. Download now.]

Exception to the state and federal requirements stated in the previous paragraph are
provided for three types of requesters: recognized educationally related organizations,
National Student Clearinghouse, and United States military recruiters. Requests for
individual student data from recognized educationally related organizations may come
to IDMC with senior administrators and/or the University Registrar as the requestor.
The requestor shall ensure that the Institutional Review Board (IRB) and any other
necessary approvals are in order before submitting the request to IDMC for consideration.
For all verifications of student enrollment and degrees, SJSU has authorized National
Student Clearinghouse (NSC) to act as its agent. More information regarding NSC may
be obtained at www.studentclearinghouse.org. Degree verification for the most recent term is available approximately eight weeks
after the term ends. In addition, the University Registrar's Office provides student
contact data for registered and enrolled students to United States military recruiters.
Recruiters should contact the Registrar to make a request for student contact data.

Other limited exceptions under FERPA for disclosures to outside individuals or organizations
such as financial aid funding agencies, accrediting organizations, and individuals
needing to know personal information for health and safety reasons are described in
greater detail at http://www.sa.sjsu.edu/download/sa/FERPA_bulletin.pdf [You will need Acrobat Reader to view PDF files. Download now.].

INFORMATION FOR USE WITHIN SAN JOSÉ STATE UNIVERSITY

1. Requesting Individual Student Data

To obtain data from individual student records, a request must be submitted in writing.
Approved requests will be assigned to the appropriate university office(s) for response.
Release of Social Security numbers is not permitted.

Medical and psychological treatment records are excluded as part of this policy. Requests
for medical and psychological records are evaluated and granted on a case by case
basis by Directors of Student Health Center for medical treatment records and Counseling
Services for psychological treatment records.

If approved, student contact data is released to the requesting unit for one-time
contact with the student as defined in the request. Requests for student contact data
may be made on a categorical basis of demographic variables, but no additionaldemographic
data may be provided beyond that inherent in the categories of request.

All student data are released for internal use by the requestor only, except as defined
in section 1.1.2, Research Use. The requestor, and specified designees, must agree
to use any released data only for the purposes specified in the request and must agree
that released data will not be reproduced, published, publicly posted, or used for
any secondary purpose. The requestor also agrees that he or she will destroy any data
with personal information once he or she no longer has a legitimate educational interest
in the data. Misuse of any such data may subject requestors or their designees to
civil or criminal penalties and/or university discipline.

Any dispute regarding a request for release of student data may be submitted to the
IDMC for resolution using a petition for hearing. The FERPA standards and any other
relevant federal or state law or university policy will govern the resolution.

1.1. Individual Student Data Access Privileges and Procedures

The authorization process and type of student data that may be provided varies according
to the administrative or academic responsibilities of the requestor. Requests for
student data are evaluated and approved for the following purposes.

1.1.1 SJSU Administrative Use

Requests for release of individual student data are evaluated on a case by case basis.
Authorization to submit a request for release of individual student data must first
be approved or denied by the appropriate area senior administrator. Requests that
have been approved for submission are then reviewed, and approved or denied, by the
appropriate senior administrators and/or the University Registrar. Requests must demonstrate
a legitimate educational interest and must be relevant to the academic or administrative
responsibilities of the sponsoring individual, department or organization (hereafter
referred to as the requestor).

1.1.2. Research Use

With appropriate approval, all individual student data may be provided to researchers
affiliated with SJSU, or working in conjunction with SJSU faculty or management personnel.
Disclosure is required.

The requestor must submit proof of SJSU Institutional Review Board (IRB) approval
when making a request for any student data to be used in scholarly research. If the
requestor is a matriculated student, the request must be authorized by the researcher's
faculty advisor at SJSU, by the faculty advisor's department chair or director, and
by the college dean of the sponsoring department at SJSU. In instances where the sponsoring
department does not report to a college dean, the request must be authorized by the
appropriate senior administrator for that unit.

Requests from researchers for surveys of students will be evaluated by the University-Wide
Survey Committee to determine the institutional impact of surveying students, e.g.,
to ensure that students are not asked to participate in an inappropriately high number
of surveys. The committee will then make recommendations to the IDMC for the final
approval. See Appendix A for more detail on the University-Wide Survey.

1.1.3. Student Organization Use

Student contact data, but not demographic or academic performance data, may be provided
to SJSU student organizations that are registered with the Office of Student Involvement
within the Division of Student Affairs. Requests from student organizations must be
authorized by Vice President for Student Affairs, or designee. Examples include, but
are not limited to, requests from student governments serving undergraduate and/or
graduate students, student organizations or student officials affiliated with the
Academic Senate or any of its Committees, university sponsored fraternities and sororities,
and all other student organizations registered with the Office of Student Involvement.

2. Requesting Aggregate Data

Aggregate data is defined as data that are compiled or computed, and that exclude
any record-level values of any nature, including but not limited to personal identifying
information such as names and/or SJSU Identification numbers (EMPLID). Requests for
aggregate student data are evaluated on a case by case basis. Submitted requests are
approved or denied by the appropriate senior administrators and/or the Office of Institutional
Research.

Requests from recognized external educationally related organizations such as educational
associations or governmental entities with responsibilities to education are reviewed
by the senior administrators and/or the Office of Institutional Research and may be
referred to IDMC for further review as appropriate.

3. Use of Student Data for Mass Email Service

Requests for the university's use of mass email service are evaluated on a case-by-case
basis and are approved or denied by senior administrators of the Office of Public
Affairs within the Division of University Advancement who will notify the University
Computing and Telecommunication (UCAT) for processing. Email surveys must be conducted as described in section 1.1.2, Research Use, prior
to submitting this request. Only university email addresses will be used.

Requests must demonstrate a legitimate educational interest and must be relevant to
the academic or administrative responsibilities of the sponsoring department or organization.
The Public Affairs and/or Registrar's Offices reserve the right to edit and format
emails according to university publications standards. The requesting department must
provide an SJSU email address where recipients may send replies and where returned
email is sent. The requesting department assumes responsibility for replies and returned
email. No attachments can be accommodated. Additional information must be posted on
a separate website with an appropriate link provided in the email.

Appendix A. University-Wide Survey

The responsibility of this committee is to ensure that university-wide surveys of
campus faculty, staff, and student opinions are conducted in a manner that minimizes
redundancy and frequency of surveys and follows guidelines for survey deployment.
In order to achieve these goals, all university-wide surveys of faculty, staff, and
student opinions will be coordinated through the University-Wide Survey Committee.

Definitions and Scope

University-Wide survey is defined as a survey

where the target population is drawn from more than one department or unit and/or
is randomly selected.

where the surveyed activities or services span a significant proportion of the student
or employee population.

This policy applies to any university-wide survey of the campus community except for
the following conditions:

surveys for individual classroom research projects, or any research gathering information
for theses, dissertations, publications, or scholarship that does not require widespread
involvement of SJSU students; and

surveys that involve personnel within the initiator's immediate department.

"focused" surveys are those given to a defined population for a specific operational
purpose, (including course evaluations; surveys targeting a limited, well-defined
group of respondents for a narrowly defined purpose).

Survey Committee

The responsibility for implementing and administering this policy shall be delegated
to the University-Wide Survey Committee.

Survey Committee Composition

One representative each from Academic Affairs, Student Affairs, Administration and
Finance, Institutional Research (selected by their respective Vice President), and
one representative from the President's Office (selected by the President). Experience
in survey research is recommended.

Committee Tasks

Coordinate the administration of surveys to minimize overlap and duplication

Provide support for survey development, administration and analysis

Ensure that the information being sought is not already available in another form

Approve survey requests by entities outside of the California State University system

Frequency of meetings of the Survey Committee

Once per semester or as needed.

Required Process for Administering University-Wide Surveys

The request must be submitted to the Office of Institutional Research one month prior
to the first day of classes (for both fall and spring).

If the requestor is a matriculated student, the request must be authorized by the
researcher's faculty advisor at SJSU, by the faculty advisor's department chair or
director, and by the college dean of the sponsoring department at SJSU. In instances
where the sponsoring department does not report to a college dean, the request must
be authorized by the appropriate senior administrator for that unit.

If individual student data are released, they must be used by the requestor only.
The requestor, and specified designees, must agree to use any data provided only for
the purposes specified in the request and must agree that data obtained will not be
reproduced, published, publicly posted, or used for any secondary purpose.